Recently I had a task to add the Windows Server Essentials role to an existing customer's DC, as they were going to use Server Essentials with the inbuilt Azure sync rather than Azure AD Connect Sync. The reason behind this was that our customer had recently migrated from Exchange 2010 to O365, and they didn't want to keep an Exchange Server around for management, so in this case it was the only option if they wanted to remain supported by Microsoft (otherwise any changes to the Exchange attributes of users would have to be done via ADSI Edit!). I added the role very easily from PowerShell:

```powershell
# Install the Windows Server Essentials Experience role on the DC
Add-WindowsFeature ServerEssentialsRole
```

Then, when I attempted to configure the role, it said that the server needed to be rebooted and that the configuration had failed. I then rebooted and tried again, but I got the same message. After a quick bit of digging, it would seem that there is an account called ServerAdmin$ which is used as part of the initial configuration, and the DC didn't have this set in Group Policy. The answer can be found in the TechNet article below:

You basically need to add the ServerAdmin$ account to the "Log on as a service" right within the Default Domain Controllers Policy.
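To confirm the change has actually reached the DC before retrying the configuration, the following added example (not from the original post or the TechNet article) exports the effective user rights with `secedit` and lists every holder of "Log on as a service". The scratch file path is an assumption, and the script is meant to be run elevated on the DC.

```powershell
# Added example: list who holds "Log on as a service" (SeServiceLogonRight) on this DC
# and confirm the ServerAdmin$ account from the post is among them. Run elevated.
$account = 'ServerAdmin$'
$cfg     = Join-Path $env:TEMP 'user-rights.inf'   # scratch file; path is an assumption

# Export only the user-rights section of the effective security policy.
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)" }

try {
    $line = Get-Content $cfg | Where-Object { $_ -match '^\s*SeServiceLogonRight\s*=' } |
        Select-Object -First 1
    $holders = @()
    if ($line) {
        $holders = @(($line -split '=', 2)[1].Split(',') | ForEach-Object {
            $entry = $_.Trim()
            if ($entry.StartsWith('*')) {
                # secedit writes SIDs as *S-1-...; resolve them to names where possible.
                $sid = $entry.Substring(1)
                try {
                    (New-Object System.Security.Principal.SecurityIdentifier($sid)).Translate(
                        [System.Security.Principal.NTAccount]).Value
                } catch { $sid }   # unresolvable (e.g. deleted account): keep the raw SID
            } elseif ($entry) { $entry }
        })
    }
} finally {
    Remove-Item $cfg -ErrorAction SilentlyContinue
}

"Accounts holding SeServiceLogonRight:"
$holders | Sort-Object | ForEach-Object { "  $_" }

# Compare on the account part only, so DOMAIN\ServerAdmin$ and ServerAdmin$ both match.
if ($holders | Where-Object { ($_ -split '\\')[-1] -eq $account }) {
    "$account has the right."
} else {
    Write-Warning "$account is missing from SeServiceLogonRight; fix the GPO and run gpupdate /force."
}
```

The printed list doubles as a review of the right itself: the Default Domain Controllers Policy applies to every DC, so any entry that is unexpected or shows up as an unresolved SID is worth checking while you are in the policy.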